** Description changed:
- SDK applications need the following AppArmor policy to run:
+ SDK applications sometimes need the following AppArmor policy to run:
/dev/binder rw,
The writes to /dev/binder allow applications to attack binder directly
which weakens our application confinement policy because there is no
mediation between binder services.
- All apps currently need this access because of the sensors service (even on
mir). The following are the binder services that Ubuntu currently uses:
+ The following are the binder services that Ubuntu currently uses:
- camera
- - sensors
- - surface flinger (only used as fallback now)
+ - media playback service (used by media-hub)
- location was in this group but is already moved away. vibrate is not
- implemented but when it is it will only use our API (ie, not binder). Of
- the remaining binder services listed above, camera is moving to HAL in
- 14.04 and sensors shoudl also move there as well in 14.04.
+ location was in this group but is already moved away. surface flinger
+ was used as a fallback but has been removed. vibrate is not implemented
+ but when it is it will only use our API (ie, not binder). sensors was
+ implemented as usensors in 14.10. Of the remaining binder services
+ listed above, camera is still present for video recording and media
+ playback service implements a subset of the android API for media
+ playback (it is used by media-hub).
This bug will be resolved when /dev/binder is no longer used or it is
only used by one service and therefore the /dev/binder access can move
into the appropriate policy group.
Right now, because all apps needs access to /dev/binder, all apps end up
- with access to the camera and sensors services even when these policy
- groups are not specified. Getting rid of /dev/binder access is for fine-
- grained application confinement to work correctly.
+ with access to the camera and media playback services even when these
+ policy groups are not specified. Getting rid of /dev/binder access is
+ for fine-grained application confinement to work correctly.
** Changed in: lxc-android-config (Ubuntu Trusty)
Status: Confirmed => Won't Fix
** Also affects: lxc-android-config (Ubuntu Utopic)
Importance: High
Assignee: Ubuntu Phonedations bugs (ubuntu-phonedations-bugs)
Status: Confirmed
** Also affects: apparmor-easyprof-ubuntu (Ubuntu Utopic)
Importance: Undecided
Status: Triaged
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Trusty)
Status: Confirmed => Won't Fix
** No longer affects: touch-preview-images
--
You received this bug notification because you are a member of Ubuntu
Phonedations bugs, which is a bug assignee.
https://bugs.launchpad.net/bugs/1197134
Title:
All SDK applications require access to /dev/binder
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
Triaged
Status in “lxc-android-config” package in Ubuntu:
Confirmed
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
Won't Fix
Status in “lxc-android-config” source package in Saucy:
Won't Fix
Status in “apparmor-easyprof-ubuntu” source package in Trusty:
Won't Fix
Status in “lxc-android-config” source package in Trusty:
Won't Fix
Status in “apparmor-easyprof-ubuntu” source package in Utopic:
Triaged
Status in “lxc-android-config” source package in Utopic:
Confirmed
Bug description:
SDK applications sometimes need the following AppArmor policy to run:
/dev/binder rw,
The writes to /dev/binder allow applications to attack binder directly
which weakens our application confinement policy because there is no
mediation between binder services.
The following are the binder services that Ubuntu currently uses:
- camera
- media playback service (used by media-hub)
location was in this group but is already moved away. surface flinger
was used as a fallback but has been removed. vibrate is not
implemented but when it is it will only use our API (ie, not binder).
sensors was implemented as usensors in 14.10. Of the remaining binder
services listed above, camera is still present for video recording and
media playback service implements a subset of the android API for
media playback (it is used by media-hub).
This bug will be resolved when /dev/binder is no longer used or it is
only used by one service and therefore the /dev/binder access can move
into the appropriate policy group.
Right now, because all apps needs access to /dev/binder, all apps end
up with access to the camera and media playback services even when
these policy groups are not specified. Getting rid of /dev/binder
access is for fine-grained application confinement to work correctly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1197134/+subscriptions
--
Mailing list: https://launchpad.net/~ubuntu-phonedations-bugs
Post to : ubuntu-phonedations-bugs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phonedations-bugs
More help : https://help.launchpad.net/ListHelp
